Field of the Invention
This invention relates in general to the field of microelectronics, and more particularly to an apparatus and method for securing a Basic Input/Output System (BIOS) in a computing system.
Description of the Related Art
Computing platforms come in all shapes and sizes. Desktop computers, laptop computers, tablet computers, personal digital assistants, and smart phones and just a few of the many different forms taken on by these very powerful tools.
When stripped down, virtually all of the forms of computing platforms share the same basic architecture, or configuration. At the core is a central processing unit (most often a microprocessor), memory for program storage (in the form of a hard disk or solid state disk), faster memory from which the programs are executed (typically random access memory), and memory in which a basic input/output system (BIOS) is stored.
The BIOS is the lowest level of layered programming for these platforms and enables standard operating systems and application programs to perform operations using the hardware that is specific to a given computing platform configuration. The BIOS generalizes the myriad number of particulars associated with hardware interfaces so that when changes are made to the platform configuration, higher level programs need not be modified to accommodate the changes. Rather, the BIOS is typically upgraded when changes are made, which is why its storage is typically separate from storage for the operating system and application programs.
Not only does BIOS include the basic operations of the given computing platform, but it also includes configuration data and security data (such as whether the given computing system is authorized to execute certain application programs, etc.). Because BIOS contains security data, it is typically a target for hackers and the like. By modifying a system's BIOS, for example, an unauthorized user may be able to execute programs without a license. Thus, it is extremely important to system designers that the validity and integrity of BIOS be protected and ensured, when the system is not operating and when it is operating.
So, on the one hand it is desirable to provide easy access to a system's BIOS in order to support upgrades and/or reprogramming to support system configuration changes. And on the other hand it is important to protect or restrict access to BIOS contents to preclude tampering by unauthorized parties.
Some attempts at achieving one or both of the above objectives have resulted in mechanisms that are limiting. For example, moving BIOS storage onto the same die as the system's microprocessor protects it from tampering, yet totally defeats the ease of upgrade objective because the BIOS no longer is physically accessible. Other techniques resort to encryption of BIOS contents, which is advantageous from a protection perspective, but which cripple the performance of a system because of the unacceptable number of operations that are required to decrypt BIOS contents each time it is used.
Accordingly, what is needed is a novel technique that supports accessibility and upgrade of a computing system's BIOS contents, but which also protects those contents from unauthorized tampering.